Solved

Security Vulnerability Scan of MongoDB

  • 27 April 2021
  • 1 reply
  • 168 views

Badge +3

Hello,

My Technical Security Team want to run a vulnerability scan of the MongoDB on several of my Commvault servers. They need some form of credentialed access into these databases? Is this possible or are the MongoDBs purely for internal Commvault use?

Regards

Fergus

icon

Best answer by Christian Negron 27 April 2021, 18:59

View original

1 reply

Userlevel 2
Badge +4

Hello Fergus,

 

The MongoDB configured on the Commserve/Web Servers is accessed using a Commvault back end account. These credentials are stored in the registry and Commserve database.

 

Commvault Support can decrypt the credentials if required. However, this would need a Support ticket to be created so an engineer may assist. 

 

>As an additional note, you can configure Mongo to use TLS/SSL for secured access (if required by your security team) https://documentation.commvault.com/commvault/v11/article?p=1967.htm

 


 

Please let me know if you find this information helpful. If you have any further questions or concerns, I would be more than happy to assist. 

Reply